Return to site

Hash Crack Challenge

Password Hash Cracking Contest

· Password Cracking,password hash,password contest,one time grid,password challenge

CHALLENGE OVER

The Challenge

Two plain SHA1 password hashes have been generated using separate techniques from a single "Random-Grid" One-Time Grid (see One-Time Grid write-up <HERE>). This password cracking challenge will last one week, which starts Aug 27th, 2018 1200PM EST and ends September 3rd, 2018 at 1200PM EST.

HASH #1

[CRACKED by @BoursierEtienne] fe0c9f335b35c45e92d5e7d07c5933b6c4c0a522

HASH #2

[CRACKED by @lakiw]

120c249bc0f301ef3cba7a0fcbff463aaaded486

Prizes

Claim your prizes by posting on Twitter to @netmux with the cracked password. All valid submissions must be received before Sept 3rd at 1200PM EST.

***Limit=1. Sorry only United States contestants are eligible to receive the password cracking rig. A $500 Amazon gift card will be awarded for an international winner that cracks HASH #2.

**To receive your final prizes contestants must submit a write-up of your strategy for cracking the password hash. These write-ups will be posted at the end of the challenge accompanying the correct solutions.

Clues

Clues will be given periodically throughout the contest. Please follow @netmux on Twitter for announcements of new clues.

  1. "Pattern" & "Scatter"
  2. One-Time Grid attached below 
  3. Birthday Paradox
  4. Are all cell values equally probable?
  5. str(PIN)[:-1]
  6. scatter_cells + str(PIN)[:-1]
  7. Use seven of the possible ten "repeats" to mask your way to the other half of the scatter_cells solution.
  8. Hash #2 = print(len(scatter_cells + str(PIN)[:-1])) = 19
  9. No cell values have been reused in the composition of scatter_cells.
    “q$*????????)wc” + str(PIN)[:-1]
hash crack challenge one time grid

CHALLENGE WRITE-UP

-wanted to give back

-rush to get it out, switched from md5 to sha1 at last minute

-hard to know what's obvious when you know the answer

-tried to slow down people with larger rigs and make it about clever analysis and tricks

-Explain each "Clue"

-36 Unique total characters out of 49 = IA9GVwc8oyL$)M.!q03WKH+epP?*{TxJzhbu

-10 characters repeating = IG8oL$.+p3

-7 repeat characters used = $I.3+LG

-HASH #2 = q$*I.3+xLHG)wc71997

08+{superjetyoMKHp

q$*I.3+xLHG)wc71997

The Clues Explained

  1. "Pattern" & "Scatter"
  2. One-Time Grid attached below 
  3. Birthday Paradox
  4. Are all cell values equally probable?
  5. str(PIN)[:-1]
  6. scatter_cells + str(PIN)[:-1]
  7. Use seven of the possible ten "repeats" to mask your way to the other half of the scatter_cells solution.
  8. Hash #2 = print(len(scatter_cells + str(PIN)[:-1])) = 19
  9. No cell values have been reused in the composition of scatter_cells.
    “q$*????????)wc” + str(PIN)[:-1]

"There is nothing more deceptive than an obvious fact."

broken image

HASH #1 = 08+{superjetyoMKHp

broken image

HASH #2 = q$*I.3+xLHG)wc71997

broken image

Cells with repeat values = q$*I.3+xLHG)wc71997

One-Time Grid: Random Password Book

one-time grid password book

Hash Crack: Password Cracking Manual

hash crack password cracking manual

Pentester Portable Cracking Rig

pentester portable rig prize